To be fair, their main competitor, Cisco, has had a significant number of hardcoded password backdoors found in their products. While their reporting and patching story is better, their security track record is still awful. It's believable that Huawei as awful security and backdoors, but that is just as bad as Cisco. The real difference would be if they were actively aiding espionage, which has been talked about a lot but never backed up with evidence.
> It's believable that Huawei as awful security and backdoors, but that is just as bad as Cisco
Given “Cisco [has previosuly] revealed parts of [an] independent expert's report produced for [a] case which proved that Huawei had stolen Cisco code and directly copied it into their products,” that wouldn’t be surprising.
At the end of the day, you have a company with strong links (down to its founder) to the military of an adversarial dictatorship and which has been proven to have violated international sanctions with Iran, North Korea, Syria and Venezuela. This isn’t a “beyond reasonable doubt” criminal case. It’s a reasonable weighing of odds determination.
Also not wrong. But the US, while not a dictatorship, and with its own share of problematic foreign policy, has been caught with its hand in the security cookie jar.
DUAL_EC_DRBG was included in BSAFE and Juniper products. So even if we assume the worst of Huawei, it's really a matter of which back door you want in your networking equipment. My hope is that these constant accusations make Huawei drive big improvements in reproducible builds, source-available software, and verifiable hardware. But I'm not holding my breath.
Then again, at the end of the day, you have companies with strong links to an adversarial government and which has been proven to have conducted economic espionage for the benefit of domestic companies, regularly violated (and violates) human rights, overthrown elected governments, invaded countries under false pretenses, and sentence people to death without a fair trial. If that's your line of logic, then there's more than enough shit to go around. Both sides are shitty.
The point being made is that industry-level security is not real evidence of malicious behavior on huawei's part. If you want people to avoid huawei, present proof.
> At the end of the day, you have a company with strong links (down to its founder) to the military
This sort of pure propaganda just undermines your case. The founder of Huawei was never more than a low level engineer in the military, was forbidden from joining the CCP for many years [1].
https://www.tomshardware.com/news/cisco-backdoor-hardcoded-a...